Hosting CVE discussion groups?
We are still reeling a bit from the overwhelming response
we got from being at the SANS Network Security Conference.
One of the ideas that we heard from a lot of different
sources was the need for the creation of one or more (lightly
moderated?) discussion groups to discuss CVE related issues.
We think that the hosting of CVE related discussion groups
by non-MITRE sites/organizations would be a good thing
for several reasons. One, it would provide grounds for
discussions among a broader range of participants. Two,
it would help increase the public face of CVE support
beyond MITRE. Three, hopefully this plays into the
strengths of some of our Editorial Board members.
We, as a board, should probably discuss what sort
of ground rules, if any, should be imposed on such
discussion lists. We (MITRE) believe that:
a) The list should only be minimally moderated with
the goal of allowing free and open discussion while
protecting the list from blatant abuse and misuse.
b) The list should have a designated Editorial Board
member as an active participant to act as a liaison
between the board and the list. The liaison would
have the responsibility of keeping the Editorial
Board informed of issues of importance on the list.
And going in the other direction, while we expect
that the liaison would typically only speak for themselves,
there may be times when it would be appropriate for the
liaison to "speak for the board". NOTE: at the
August CVE review meeting, some members expressed concerns
with people other than the chair (Steve Christey) speaking
for the Editorial Board.
If you and/or your organization would be interested
in hosting such a forum, please contact me directly
David Mann || phone: (781) 271 - 2252
INFOSEC Engineer/Scientist, Sr ||
Enterprise Security Solutions || fax: (781) 271 - 3957
The MITRE Corporation ||
Bedford, Mass 01730 || e-mail: firstname.lastname@example.org